Enterprises implement various authentication systems to control access to web-based applications. Traditional authentication systems for web-based applications may only support a single-factor authentication process in which a user is authenticated with a username and password. However, authentication using only simple passwords may inadequately protect information and resources provided by web-based applications. To enhance security, many enterprises have adopted strong authentication (e.g., two-factor authentication) that requires a user to provide more than one type of authentication credential. For example, a user may be required to provide a knowledge-based factor (e.g., a password or something else the user knows) and a token-based factor (e.g., a one-time password or something else the user has).
Unfortunately, implementing multi-factor authentication in existing web-based applications may be time- and cost-prohibitive. For example, retrofitting a web-based application with the binding and validation processes used in multi-factor authentication may take up to six months or more. What is needed, therefore, is a more efficient and effective mechanism for providing strong authentication for existing web-based applications.